Network Security Analysis with SnortIDS Using ACID (Analysis Console for Intrusion Databases)

bit-Tech, Pub Date: 2023-04-28, DOI: 10.32877/bt.v5i3.728
Ruruh Wuryani, Indah Fenriana, Dicky Surya Dwi Putra, Desiyanna Lasut, Susanto Hariyanto

Abstract

The use of Wi-Fi and Ethernet is increasing in today's computer networks due to the advancement of technology. The development of networks today is characterized by the need for low-latency and high-bandwidth technology. The technology has also introduced 5G and Wi-Fi 6, which support high-speed internet surfing. The introduction of Network File System (NFS) in this era sparked the demand for Ethernet. NFS also increased the use of UNIX in education and professional computing in the 1980s. Then, in 1982, Token Ring Topology emerged as an alternative to the internet and was only standardized in 1985. Network security is an important factor in ensuring data is not stolen or damaged. With the increasing knowledge of hacking and cracking, and the availability of tools that can be easily used to launch attacks or intrusions, it is important to investigate when an attack occurs. One network forensic method for monitoring attacks on the network is using Snort IDS and Ntop to facilitate the logging process for monitoring the network system. Based on the results obtained, a network security design with Snort Intrusion Detection System (IDS) using ACID (Analysis Console for Intrusion Databases), together with IPTables on Ubuntu Server, can stop attackers. In this research, the researcher used IPTables on Ubuntu as a firewall to anticipate attacks. To prevent port scanning attacks conducted by the attacker, the author created a firewall using IPTables where the IPTables rules aim to block the IP address of the attacker.